c/cybersecurity-tips

My cousin told me to use the same password for everything... what a mess

So my cousin Mike, who works in IT, told me like two years ago that it was totally fine to reuse passwords across sites as long as the password was strong. I trusted him because he's the 'tech guy' in the family. Fast forward to last month, I got a notification that someone logged into my Spotify account from a city I've never been to in Texas. Then my email started getting password reset requests for my Amazon and PayPal accounts. Turns out one of those random browser games I signed up for back in 2023 got hacked, and since I used that same login everywhere, they got into like 6 of my accounts. It took me three full evenings to change everything and set up a password manager. Has anyone else had a family member give them bad cybersecurity advice that came back to bite them?

Picked a free password manager over a paid one and regretting it now

I went with Bitwarden because everyone said it was just as good as 1Password, but after 6 months the lack of some features is really starting to bug me. Has anyone else switched back to a paid option after trying the free route?

Had to pick between a password manager and a notebook for my logins

I went with the notebook for 3 months after getting sketched out by a data breach, but then my dog chewed it up and I lost everything. Has anyone else had a similar system fail and switched back?

Switched from LastPass to Bitwarden after the 2021 breach and it's way smoother

I used to just stick with LastPass because it was the default but after that big breach in 2021 I finally moved everything over to Bitwarden. Took me like an afternoon to export and import all 200+ passwords and I haven't had a single login issue since. Anyone else make the switch and find it easier to manage?

Hit 100 password resets for one user and had to step back

I manage accounts for a small office, about 40 people. One user kept calling me every few weeks to reset his password because he forgot it. After the 100th reset over 2 years, I finally asked him what system he used. He said he wrote passwords on sticky notes under his keyboard. I showed him a free password manager and he hasn't called once in 6 months. Has anyone else run into that kind of stubborn behavior with simple fixes?

Ngl I laughed at my buddy for using a password manager until my email got hijacked last Tuesday

Stuck between a password manager and a notebook for 3 weeks

I kept going back and forth on using Bitwarden versus just writing passwords in a physical notebook. Ended up going with the notebook since I work remotely from a coffee shop in Austin and got paranoid about cloud breaches. Big mistake - lost it somewhere between my car and the counter last Tuesday. Now I'm resetting 12 accounts and feeling like an idiot. Anyone else tried the analog route and immediately regretted it?

That week I got phished through a fake password reset email...

I almost clicked a link in an email that said my bank account was locked last Tuesday. Looked exactly like my bank's logo and everything, even the sender address seemed close. Then I noticed the URL was off by one letter - like "bankofamerrica" instead of the real one. Scared me enough to call the actual bank number from my card, and they confirmed it was a scam. Whoever made that email put serious time into the details... How do you all spot these things before you click? Anyone else had a close call like that?

Laptop got hit by a coffee spill at a Panera in Marietta last month

I was working on estimates at a Panera in Marietta last month and some kid knocked his drink right onto my keyboard. It fried the whole thing, motherboard and all, and I lost a week of files because my backup drive was sitting at home. Has anyone found a good waterproof keyboard cover that actually works for typing all day?

Pro tip: I used to use the same password for everything until a breach at work got me fired

back in 2019 I worked for a small construction company in Phoenix. Somebody phished the office manager and got into our email system. Since I used the same password for my personal email, they got into that too and sent invoices to our clients with fake bank info. Owner blamed me even though it was a basic phishing link. Now I use a password manager with different 16-character passwords for every site. Took me maybe 2 hours to set up. Has anyone else had a job or personal account get hit because of reused passwords?

Had to pick between a password manager and a notebook for keeping track of logins

A few months back I was at a coffee shop in Austin and realized I had maybe 30 different accounts floating around in my head. I kept forgetting passwords and doing the reset dance every single time. So I had this choice: either trust a password manager app or just write everything down in a physical notebook. I went with the notebook at first because I thought no hacker can break into a piece of paper, right? But after a week of flipping through pages and losing it under my couch cushion twice, I gave up. I switched to a free password manager on my phone and now I use it for everything. The notebook thing felt safer but honestly it was way less practical for day to day stuff. Has anyone else wrestled with this same choice and found a middle ground?

Spent 3 hours trying to figure out why my new security key wouldn't register, only to realize I was trying to plug it into the Ethernet port.

Anyone else ever get so focused on a security setup that you miss the most obvious physical step?

Just saw my password manager flagged 47 duplicate passwords across my old accounts.

I ran a security audit after hearing about a breach at a forum I used in 2012, and seeing that number made me finally go through and update everything. Has anyone else had a scary high duplicate count and found a good system for changing them all without losing your mind?

I thought my bank's new security questions were just annoying

My bank added a step where they ask for a random word from a phrase I set up, like the third word from my 'secret sentence'. I thought it was a hassle for no reason until a friend in IT explained it stops bots that scrape answers from social media. He said a basic script can guess your first pet's name, but not the fifth word of a custom phrase. I set mine up six months ago and honestly, it's not that bad once you get used to it. Has anyone else had a bank or site roll out something like this that you ended up liking?

Showerthought: My kid's friend said they just use their birthday for all their passwords

Honestly, it was a birthday party last weekend and I heard a 12-year-old say that. It made me realize how many adults probably do the same basic thing without thinking. What's a better way to explain password managers to someone who isn't techy at all?

Can we talk about how my neighbor's smart doorbell got hacked last week

Three years ago I told him to change the default password on his new video doorbell, but he didn't listen, and last week someone in Tulsa used it to yell at his dog through the speaker at 3 a.m.

My kid's tablet started showing ads for things I'd only talked about near it

I finally checked the app permissions and saw it had microphone access for a game they downloaded. Has anyone else found a sneaky app listening when it shouldn't be?

I thought my router's guest network was pointless until my smart TV got hacked

For years I just let all my devices connect to the same main Wi-Fi, thinking the guest network was for visitors only. Then my smart TV started showing weird ads and a search history I didn't make. My ISP's security guy said it was likely a malware attack through a weak app on the TV. He told me to put all my 'Internet of Things' stuff, like the TV, thermostat, and lights, on the isolated guest network. I did that six months ago and the strange activity stopped completely. It's a simple step that actually makes a big difference. What other devices do you guys keep off your main network?

I stopped a phishing attack cold by making one simple phone call.

Last month, I got an email from what looked like my bank's fraud department, telling me to click a link and verify a weird charge. The email looked perfect, same logo and everything. Instead of clicking, I found the real customer service number on the back of my actual debit card and called them directly. The agent confirmed it was a fake email in about 30 seconds. The scammers had even copied the bank's real phone number in the email, but changed one digit. My trick is to never trust contact info inside a suspicious message. Go find the real number or website yourself, from a source you already know is good. It takes two extra minutes but it works. Has anyone else caught a fake by just picking up the phone?

My small company's email got hit at a trade show in Austin last year

We were at a roofing supply trade show in Austin, and someone set up a fake wifi network with the event's name. I connected without thinking, and within an hour, a phishing email went out to our entire client list from my account. It cost us about $2,000 in damage control and lost a couple of clients. Now I argue with my crew about security: I say we should always use a VPN and a hotspot, but they think it's too much hassle for a quick check. Has anyone else dealt with a public wifi attack and found a simple rule that works for a team?

PSA: I used to think a single password for everything was fine, until my old email got hit in 2019.

Back then, I just used one password with a few numbers swapped for my bank, email, and a couple of forums. It got into a data breach from a small gaming site I forgot about. Now I use a password manager and make a different, long password for every single account. It took a weekend to change everything, but it's worth it. How do you guys keep track of all your different passwords now?

My neighbor's kid just asked me why my home network has a weird name

I was setting up a new access point on my porch in Denver last month when the 14-year-old from next door wandered over. He pointed at my phone screen and said, 'Why does your Wi-Fi say FBI Surveillance Van 3?' I explained it was a small trick to make random people less likely to try and connect to it. His eyes got wide and he said, 'Oh... so you're basically hiding in plain sight.' That simple comment from a kid made me realize even silly, basic steps have value. Anyone else have a go-to method for making their home network look less tempting?

Bought a $40 hardware key and it stopped a login from Russia cold

Got a weird email about a login from Moscow last month, but my Yubikey blocked it because they didn't have the physical key. I bought it after my old password got leaked in a breach. Anyone else use these for their main email or bank accounts?

A client told me my 'Password123' for their server was a joke and I haven't used a simple password since.

After that call, I switched to a password manager and now generate 16-character random strings for everything, so what's your method for keeping complex passwords straight?

I always thought my old password habits were fine until my neighbor's account got hit

My neighbor in apartment 3B had his email broken into last Tuesday because he reused the same password on a shopping site that got hacked. He told me the whole story over coffee and it freaked me out. I used to think having a couple of strong passwords I rotated was enough, but seeing it happen to someone I know changed my mind. Now I'm using a password manager and making a unique one for every single login, no matter how small the site seems. Has anyone else switched to a manager after a close call like that?